What tech giants really do with your data

2018-07-06 10:22:45

By Tom Calver and Joe Miller BBC News

Tracking your phone's gyroscope, scanning your messages and giving your data to third-party companies.

These are just three of the things you agree to when signing up to some tech companies' apps and sites.

BBC research has found some of the language used in privacy policies and terms requires a university education to be understood.

But dig down beneath the jargon, and there are some surprising realities about how your data is used.

1. Your location is tracked - even if you don't allow it

Many apps ask permission to track your precise location through your phone's Global Positioning System (GPS), which users can refuse.

But even if you refuse the app permission, they can still see where you are.

Facebook, for example, collects location-related information aside from your phone's GPS. It still tracks where you are through IP addresses, "check-ins or events you attend".

Twitter also "requires" information about your current location, "which we get from signals such as your IP address or device settings". This is so it can "securely and reliably set up and maintain your account".

Gmail messages 'read by human third parties'

Facebook reveals its data-sharing VIPs

Apple jams Facebook's web-hacking tools

2. Companies pass your data to affiliates...

When you agree to terms and conditions, you often don't just give your data to that specific app - there's a lot of intra-group data sharing.

For example, the data that dating app Tinder collects is shared with other members of the Match Group, which includes other dating sites OkCupid, Plenty of Fish, and Match.com.

Tinder says it does so for "maintenance, customer care, marketing and targeted advertising", and to remove users who violate their terms of use.

Elsewhere, LinkedIn was bought by Microsoft in 2016, and according to its privacy policy, receives data "about you when you use some of the other services provided by us or our affiliates, including Microsoft."

3. ...and you're also bound by third-party terms

If having to read the tech giant's terms itself wasn't enough, you might also have to read those of other companies that deal with your data.

Amazon says they may share your information with third parties: as well as their own terms, users should "carefully review their privacy statements and other conditions of use".

Or, if you use Apple products, your personal data is shared with companies "who provide services such as information processing, extending credit [...] and assessing your interest in our products and services".

The EU's General Data Protection Regulation (GDPR), which came into force in May, does not order companies to list these third parties in their terms.

However, Ailidh Callander, legal officer at Privacy International, a charity, says this has worrying implications: "It means that companies like data brokers are able to use your location, your interests, your contacts and much more to profile you.

"Privacy policies can be overwhelming, but it is really important to take the time to look not only at what data is being collected and why, but also who it is being shared with (and for what purposes)", she adds.

Wikipedia, on the other hand, does not share your personal information with third parties for marketing purposes. Their terms also make a point of saying how they "don't allow tracking by third-party websites you have not visited".

4. Tinder collects gyroscope data

Sometimes data collection goes beyond name, age and location.

Tinder says that the app collects data from your phone's accelerometers (for measuring movement), gyroscopes (which measure the angle you're holding your phone at), and compasses.

It doesn't, however, say exactly what that data is used for.

5. Facebook keeps your deleted searches...

Image copyright Getty Images

Facebook offers the option to delete searches from their history, giving the user the impression that records of their searches are wiped clean.

The problem, however, is that they aren't.

Their data policy states that while search history can be deleted at any time, "the log of that search is deleted after 6 months".

6. ...and tracks you even if you're off the app

Facebook even tracks what you do when you're not signed in to it - or when you don't have an account.

According to its data policy, it works with "advertisers, app developers and publishers", who can send them information "about your activities off Facebook", through something called Facebook Business Tools.

These partners "provide information about your activities off Facebook - including information about your device, websites you visit, purchases you make, [and] the ads you see".

This happens "whether or not you have a Facebook account or are logged into Facebook".

7. LinkedIn scans your private messages

Image copyright Getty Images

If you thought private messages were private, think again.

LinkedIn uses "automatic scanning technology on messages", according to its privacy policy.

Twitter, meanwhile, stores and processes your messages.

It uses data about "whom you have communicated with and when (but not the content of those communications) to better understand the use of our services, to protect the safety and integrity of our platform."

8. And if you're under 18, your parents should have read this with you

Apple's terms say that "children under the age of majority should review this Agreement with their parent or guardian to ensure that the child and parent or legal guardian understand it."

Yet as BBC research found, to sit through and read their privacy policy and terms would take the average adult more than 40 minutes - let alone the average 13-year-old.

And if reading the privacy policy once wasn't enough, Amazon invites you back to check again: "Our business changes constantly and our Privacy Notice will change also. You should check our website frequently to see recent changes."

9. Don't use your iPhone to make nuclear weapons

Finally, Apple has a line in its UK terms of use telling customers not to use their products "for any purposes prohibited by United States law".

According to their definition, that includes "without limitation, the development, design, manufacture or production of nuclear, missile or chemical or biological weapons".